
Thread: Security issues on Craigslist

  1. #1
    Join Date
    Nov 2010
    Beans
    55

    Security issues on Craigslist

    I've been listing a few bits and pieces on Craigslist over the last week or two, and am running into the same old problem of being bombarded with a ton of scam responses - it gets to a point where you're lucky if 1 in 10 is a legitimate inquiry.

    I don't respond to them, but I'm always left scratching my head trying to figure out what they're supposed to accomplish. They fall into two categories. The first are what I call 'echo' emails, posts that contain a line of text copied directly from one of my posts, with a question mark appended to the end. The best I can figure is that the scammers are using some kind of auto-mailer that selects a passage from one of my posts and puts a question mark on the end to make it seem as if someone's making a legitimate inquiry on the item. The other emails, which I've also come across elsewhere, simply contain random words - how they're supposed to elicit a response I don't know.

    I have been caught out before on Craigslist by what I thought was a real inquiry, only to discover that my responding to it apparently posted all my email contacts - the first I knew about it was when some friends informed me that their security systems were flagging the resulting emails. Is that what these other emails are attempting to do?

    Even though I've started including a clause in my posts that states that I'll only respond to phone numbers (and I only use my cell phone to call, rather than the home number) there are the odd responses that don't provide a number but look legit - for those I don't hit 'reply' but copy the address from the body of the email and paste it into a new post.

    All of this takes place on my Windows-based PC, but I'm thinking of switching all my Craigslist correspondence over to the Ubuntu-based PC for added security. I'm not sure if it will work though, as I don't know if these scam posts work off my own hardware to acquire data such as my email contacts, or if they tap directly into the online email account I use when/if I respond, in which case whatever PC or PS I use may be a moot point. Would I be more secure switching all related correspondence to an Ubuntu-based machine, or is there still a threat?

    Thoughts anyone?

  2. #2
    Join Date
    Sep 2012
    Location
    12o4/14o4
    Beans
    Hidden!

    Re: Security issues on Craigslist

    Moving Craigslist to linux will not stop the crud/spam, but just responding to phone calls is what I do. And then take it a step further when posting your number. Example:

    555-5five5-5555

    But we all seem to be stuck with that family member that's 5 days out to sea and will arrange shipping for ..

  3. #3
    Join Date
    Nov 2010
    Beans
    55

    Re: Security issues on Craigslist

    Hi again,
    I didn't think for one minute that it would stop the scam posts coming in - more a case of hoping that using a Linux-based system would negate whatever it is that they embed in the email that steals my information if I respond directly to the email. See, I have a laptop at hand that I've recently installed Ubuntu on which is completely clean - I figured that between the machine being non-Windows, and having a clean install as well, there's nothing there for the nasty email content to target or manipulate. But if the emails are zeroing in on the email site I use online for Craigslist, rather than the hardware, it really wouldn't matter. So that's what I'm trying to sort out. That and to give me a better idea of how they function.

    Also just to clarify, I don't put my own phone number in the content - that I don't need! I simply state that if any buyer is interested in items I'm selling to send me a post with their own phone number included.

  4. #4
    Join Date
    Jan 2010
    Location
    Hyperborea
    Beans
    1,481
    Distro
    Ubuntu

    Re: Security issues on Craigslist

    I received a text last night that said my mobile number had won $15000000 in a lottery.
    So whatever it is you're selling, I will be able to afford it.
    I just need to email someone in China to get the cash

    On a serious note, I would use Ubuntu for your browsing and possibly change your email password.

  5. #5
    Join Date
    Sep 2011
    Beans
    1,531

    Re: Security issues on Craigslist

    The email scams have nothing to do with the operating system. So you could use mac, windows, linux, solaris, bsd, blah blah blah, and the scams would work the same.

    I found this which explains the scams pretty nicely. An excerpt:
    The easiest way to protect your identity is to set up an email address at one of the web based services such as Yahoo or Gmail, and use that email address for your Craig's List account. That way, whether you're listing or responding to an ad, the email lookup scammers don't get any critical information about you. And, be smart - don't set up an account such as john.doe @gmail. com - you've just given away your name again to the email lookup scammers! Instead, try twoleggeddoe @gmail. com

  6. #6
    Join Date
    Aug 2011
    Beans
    0

    Re: Security issues on Craigslist

    Scam artists have their way of convincing innocent people to do things they don’t normally do. They have the talent to get anyone’s trust by being friendly and nice.
    That is why it’s important for us to have this kind of warning. For us to be able to share it with our family and friends. Being careful isn’t enough, we should also spread awareness.
    I would also like to share a scam warning about a certain Robert Bonaccolta. A foreign investor unfortunately was scammed by Robert Bonaccolta also known as Bobby with over $300,000 in a real estate transaction.

  7. #7
    Join Date
    Nov 2010
    Beans
    55

    Re: Security issues on Craigslist

    Okay, I will try this one more time.

    This is NOT about scams per se, it is not about answering stupid emails from Nigeria, or about being dumb enough to hand out personal data to someone stating that you've won a lottery, nor is it about being gullible enough to fall for supposed security breach notices from banks, Paypal, Ebay, etc asking you to reset your passwords.

    This is simply about people trying to entice you to reply to their emails by asking questions on items you're selling. What you say isn't relevant - you could reply with 'it's a sunny day' and still get smacked. They aren't asking for personal data - it's hitting that 'reply' button that's the key. Some kind of macro they're embedding in their emails is somehow being activated by the very action of hitting 'reply' so that not only are you sending them a post containing a reply to what seems like a legitimate request for further information on the item you're selling, but it's somehow acquiring email addresses as well without it actually showing up in the text.

    This process is making it a nightmare to deal on sites like Craigslist, because it gets harder and harder to know which email inquiries are legit and which ones are simply fishing for a reply of any kind that will transmit the email data they're surreptitiously fishing for. My security programs aren't picking anything up, which is of no help at all.

    So I'll ask again. Is this nefarious activity taking place on the email site servers and trying to grab email addresses there, or is it taking place on my hardware? If it's site specific then the solution is easy, which is to set up an account specifically for Craigslist use, which I already have done. If it's hardware specific and exploiting weaknesses in Windows (my main PC) would Linux be immune to such exploitation if I switched to doing my Craigslist work on my Ubuntu PC? I need to know one way or the other.

  8. #8
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Security issues on Craigslist

    Why not set up a gmail account specifically for dealing with craigslist only, don't use it for anything else.

  9. #9
    Join Date
    Sep 2011
    Beans
    1,531

    Re: Security issues on Craigslist

    Originally posted by timbo59:
    So I'll ask again. Is this nefarious activity taking place on the email site servers and trying to grab email addresses there, or is it taking place on my hardware? If it's site specific then the solution is easy, which is to set up an account specifically for Craigslist use, which I already have done. If it's hardware specific and exploiting weaknesses in Windows (my main PC) would Linux be immune to such exploitation if I switched to doing my Craigslist work on my Ubuntu PC? I need to know one way or the other.
    It is not taking place on your hardware. It is not taking place on your Operating System (be it Windows or Linux).

    There are a lot of variations of the scam, some of them are social engineering where they are trying to extract information from you, probably in the hopes of getting bank or credit card accounts to steal.

    The one you mentioned in your OP, where they emailed to all your contacts, that probably involved a script. If it's a web-based email system then it could be a javascript that executed inside the browser. If that's the case then it would be entirely independent from your operating system. You could run Linux, Mac, Windows, BSD, Solaris, etc. and it would function the same. Or the whole point of the spam email could be for you to click on a link (a link that looked like a reply button?). Once an attacker gets you on a web page he controls, the possible attacks are innumerable.

    The mitigation that Cariboo907 and I both suggested is to have an email account only for craigslist. Craigslist seems to have a built-in email account that will anonymize your address. That's a great idea.

    But changing the operating system will do nothing.
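
Added example, not part of any post in this thread: post #9 suggests the harm came either from script running in a webmail page or from a link dressed up as a reply button, so this Python check lists both kinds of content in a saved message before it is opened in a browser. The tag list, the "reply" label heuristic and the sample message are assumptions made for illustration.

```python
import email, email.policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: tags treated as "active content" in an inquiry e-mail.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "form"}

class BodyAudit(HTMLParser):
    """Collects (kind, detail) findings from one HTML e-mail body."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-content", tag))
        for name, _ in attrs:
            if name.startswith("on"):      # onload, onclick, ...
                self.findings.append(("event-handler", f"{tag}[{name}]"))
        if tag == "a":                     # start collecting the link label
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        label = " ".join("".join(self._text).split()).lower()
        url = urlparse(self._href)
        # A web link labelled like the mail client's own reply control.
        if url.scheme in ("http", "https") and "reply" in label:
            self.findings.append(("reply-lookalike", url.hostname))
        self._href = None

def audit_message(raw: bytes):
    """Return findings for every text/html part of a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    audit = BodyAudit()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            audit.feed(part.get_content())
    return audit.findings

# Constructed sample message (not taken from the thread).
SAMPLE = (b'Content-Type: text/html; charset="utf-8"\n\n'
          b'<body onload="track()"><p>Is the bike still available?</p>'
          b'<a href="http://mail-reply.example.test/r?id=1">Reply to this message</a>'
          b'<script src="http://example.test/x.js"></script></body>')
```

The check reads the message as text only, so it gives the same result on Windows or Ubuntu, which matches the point made in posts #5 and #9.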
